On an android phone, stock or modded rom, is it possible to force the use of VPN? E.g. only allow traffic tunneled by VPN, don't allow traffic without using VPN to make sure that no unencrypted traffic leaks. Thanks for any hint!

Are you having a problem with "leaked" traffic, or just assuming that using a VPN with Android is unreliable? If the latter, would you not also assume that any "force VPN" method is unreliable?
–
Matthew Read♦Sep 3 '11 at 22:39

both ;-) on mobile usage connections (VPN) are always unreliable, so when VPN gets disconnected, I want to make sure that no traffic gets send until the VPN connection is re-established.
–
stefan.at.wpfSep 4 '11 at 14:49

Ah, fair enough! It might be possible to use an app like Tasker to turn off data when you lose your VPN connection, but I don't know the specifics.
–
Matthew Read♦Sep 4 '11 at 17:55

Looks like you want to apply a security policy to a device...
–
RobertSep 22 '11 at 13:41

yes, it some way it's a security police - but that's not supported on normal android versions, right? ):
–
stefan.at.wpfSep 28 '11 at 10:44

3 Answers
3

Answering an old question, I know, but Android 4.2 has "Always-on VPN" in the menu on the VPN Settings page: setting a VPN profile under this will maintain the VPN connection, and only allow network traffic when connected to it.

wow, that is cool! and if it works like described, it perfectly solves my problem! luckily I have a galaxy nexus with 4.2.1 :-) Thank you very much for answering this old question! Of course selected as correct answer :-)
–
stefan.at.wpfJan 3 '13 at 16:14

Thank you, but I think there's one downside on this: I don't want to route my traffic over foreign computers and when I set up a bridge at home I guess traffic is routed from my bridge at home to the tor network and then to it's real destination? ):
–
stefan.at.wpfMar 1 '12 at 13:50

If you were to (correctly) set up a bridge on a server that you owned, you could 1) Limit who could use it (only you) and 2) Have it be the 'exit node', so that all of your traffic would leave from this server and not use any other Tor servers. :D. This is a very powerful tool, but you may find other users with experience with other tools that will suit your needs more easily.
–
earthmeLonMar 2 '12 at 4:58

Hmm I would I make sure I am the only one who can use it? Seems like there's no kind of authentication?
–
stefan.at.wpfMar 2 '12 at 20:57

I imagine you would start by using Tor's configuration (check their documentation) and iptables to restrict usage. Like I said, there is probably a 'better' solution for you, but I personally trust TorProject's Orbot more than any other VPN solution currently available. I plan to set this up myself and provide a tutorial soon.
–
earthmeLonMar 4 '12 at 19:52

1

According to a user from the tor help mailing list there is unfortunately no kind of authentication for bridges.
–
stefan.at.wpfMar 4 '12 at 23:54

SSHTunnel is an ssh tunnel/vpn solution for Android. When I first found SSHTunnel, users were forced to use an application's settings to use SOCK5 proxy, but now sshtunnel can handle per application and global use on its own. Just like rooting is required to get the full functionality of Orbot, you will need a rooted device in order to get what you need from SSHTunnel.

Although this is not a VPN, this is a much simpler setup that will give you an encrypted tunnel to your server. You can interact with your server through this connection directly, or use it to receive or bounce traffic outwards.

Note:
Unencrypted traffic sent to your server (ie http) will be encrypted through your ssh tunnel, but it will still be clear/unencrypted once it leaves your server.